projects / babeltrace.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Fix: add stricter checks on packet boundaries
[babeltrace.git] / formats / ctf / types / float.c
diff --git a/formats/ctf/types/float.c b/formats/ctf/types/float.c
index 2e0bd5ce57ea78b42994e13b4ddf05e19bc79ae5..afe5e8d2cf2ef9d66a1cce2df2727bea70a4ba34 100644 (file)
--- a/formats/ctf/types/float.c
+++ b/formats/ctf/types/float.c
@@ -197,11 +197,14 @@ int ctf_float_read(struct bt_stream_pos *ppos, struct bt_definition *definition)
        }
        tmpfloat = container_of(tmpdef, struct definition_float, p);
        memset(&destp, 0, sizeof(destp));
-       ctf_init_pos(&destp, -1, O_RDWR);
+       ctf_init_pos(&destp, NULL, -1, O_RDWR);
        mmap_align_set_addr(&mma, (char *) u.bits);
        destp.base_mma = &mma;
        destp.packet_size = sizeof(u) * CHAR_BIT;
-       ctf_align_pos(pos, float_declaration->p.alignment);
+       if (!ctf_align_pos(pos, float_declaration->p.alignment)) {
+               ret = -EFAULT;
+               goto end_unref;
+       }
        ret = _ctf_float_copy(&destp.parent, tmpfloat, ppos, float_definition);
        switch (float_declaration->mantissa->len + 1) {
        case FLT_MANT_DIG:
@@ -232,7 +235,7 @@ int ctf_float_write(struct bt_stream_pos *ppos, struct bt_definition *definition
        union doubleIEEE754 u;
        struct bt_definition *tmpdef;
        struct definition_float *tmpfloat;
-       struct ctf_stream_pos srcp;
+       struct ctf_stream_pos srcp = { { 0 } };
        struct mmap_align mma;
        int ret;
 
@@ -253,7 +256,7 @@ int ctf_float_write(struct bt_stream_pos *ppos, struct bt_definition *definition
                goto end;
        }
        tmpfloat = container_of(tmpdef, struct definition_float, p);
-       ctf_init_pos(&srcp, -1, O_RDONLY);
+       ctf_init_pos(&srcp, NULL, -1, O_RDONLY);
        mmap_align_set_addr(&mma, (char *) u.bits);
        srcp.base_mma = &mma;
        srcp.packet_size = sizeof(u) * CHAR_BIT;
@@ -268,7 +271,10 @@ int ctf_float_write(struct bt_stream_pos *ppos, struct bt_definition *definition
                ret = -EINVAL;
                goto end_unref;
        }
-       ctf_align_pos(pos, float_declaration->p.alignment);
+       if (!ctf_align_pos(pos, float_declaration->p.alignment)) {
+               ret = -EFAULT;
+               goto end_unref;
+       }
        ret = _ctf_float_copy(ppos, float_definition, &srcp.parent, tmpfloat);
 
 end_unref:
BabelTrace - Trace Format Babel Tower
This page took 0.023249 seconds and 4 git commands to generate.